We develop an augmented reality-based app that resides on the attacker's smartphone and leverages computer vision and raw input data to provide real-time mimicry attack guidance on the victim's phone. Our approach does not require tampering or installing software on the victim's device, or specialized hardware. The app is demonstrated by attacking keystroke dynamics, a method leveraging the unique typing behaviour of users to authenticate them on a smartphone, which was previously thought to be hard to mimic. In addition, we propose a low-tech AR-like audiovisual method based on spatial pointers on a transparent film and audio cues. We conduct experiments with 31 participants and mount over 400 attacks to show that our methods enable attackers to successfully bypass keystroke dynamics for 87% of the attacks after an average mimicry training of four minutes. Our AR-based method can be extended to attack other input behaviour-based biometrics. While the particular attack we describe is relatively narrow, it is a good example of using AR guidance to enable successful mimicry of user behaviour---an approach of increasing concern as AR functionality becomes more commonplace.